A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction.

A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests.

Workaround ========== There is no known workaround at this time.

Resolution ========== All Chromium users should upgrade to the latest version:

Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security [at] gentoo or alternatively, you may file a bug at https://bugs.gentoo.org.